Merge remote-tracking branch 'upstream/master' into feat/hide-share-buttons

f2c0a7b1 · Marcelo Rivera · ba4346cb · 5c9218c9 · f2c0a7b1 · f2c0a7b1
Commit f2c0a7b1 authored 1 hour ago by Marcelo Rivera
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 11 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -48,6 +48,11 @@ prepare:fpm:
        --build-arg SENTRY_DSN=$SENTRY_DSN \
        .
    - docker push $CI_REGISTRY_IMAGE/fpm:$CI_PIPELINE_ID
+    - >
+      if [ $CI_COMMIT_BRANCH == "master" ]; then 
+        docker tag $CI_REGISTRY_IMAGE/fpm:$CI_PIPELINE_ID $CI_REGISTRY_IMAGE/fpm:latest &&
+        docker push $CI_REGISTRY_IMAGE/fpm:latest
+      fi

 prepare:runners:
  stage: prepare
@@ -64,6 +69,11 @@ prepare:runners:
        --build-arg SENTRY_DSN=$SENTRY_DSN \
        .
    - docker push $CI_REGISTRY_IMAGE/runners:$CI_PIPELINE_ID
+    - >
+      if [ $CI_COMMIT_BRANCH == "master" ]; then 
+        docker tag $CI_REGISTRY_IMAGE/runners:$CI_PIPELINE_ID $CI_REGISTRY_IMAGE/runners:latest &&
+        docker push $CI_REGISTRY_IMAGE/runners:latest
+      fi

 prepare:all:sentry:
  stage: prepare

--- a/Controllers/api/v1/channel.php
+++ b/Controllers/api/v1/channel.php
@@ -70,7 +70,6 @@ class channel implements Interfaces\Api
        $response['channel']['briefdescription'] = $response['channel']['briefdescription'] ?: '';
        $response['channel']['city'] = $response['channel']['city'] ?: "";
        $response['channel']['gender'] = $response['channel']['gender'] ?: "";
-        $response['channel']['dob'] = $response['channel']['dob'] ?: "";

        if (!$user->merchant || !$supporters_count) {
            $db = new Core\Data\Call('entities_by_time');
@@ -234,7 +233,7 @@ class channel implements Interfaces\Api

                $update = [];
                foreach (['name', 'website', 'briefdescription', 'gender',
-                  'dob', 'city', 'coordinates', 'monetized'] as $field) {
+                        'city', 'coordinates', 'monetized'] as $field) {
                    if (isset($_POST[$field])) {
                        $update[$field] = $_POST[$field];
                        $owner->$field = $_POST[$field];

--- a/Core/Config/Exported.php
+++ b/Core/Config/Exported.php
@@ -123,6 +123,9 @@ class Exported

        if ($pro = $this->proDomain->lookup($_SERVER['HTTP_HOST'] ?? null)) {
            $exported['pro'] = $pro;
+        } elseif (!$this->proDomain->isRoot($_SERVER['HTTP_HOST'] ?? null)) {
+            // If not a pro site and not root then tell frontend to redirect
+            $exported['redirect_to_root_on_init'] = true;
        }

        return $exported;

--- a/Core/Security/XSRF.php
+++ b/Core/Security/XSRF.php
@@ -17,8 +17,8 @@ class XSRF

    public static function validateRequest()
    {
-        if (!Core\Session::isLoggedIn() && $_SERVER['REQUEST_METHOD'] === 'GET') {
-            return true; // If logged out and GET request we can accept
+        if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+            return true; // XSRF only needed for modifiers
        }

        if (!isset($_SERVER['HTTP_X_XSRF_TOKEN'])) {

--- a/Core/Security/XSS/GenericRule.php
+++ b/Core/Security/XSS/GenericRule.php
@@ -163,7 +163,7 @@ class GenericRule implements Interfaces\XSSRule
            //make all urls force open in a new tab/window
            if ($element->nodeName == 'a') {
                $element->setAttribute('target', '_blank');
-                $element->setAttribute('rel', 'noopener noreferrer nofollow'); //nofollow hurts spammers
+                $element->setAttribute('rel', 'noopener noreferrer nofollow ugc'); //nofollow hurts spammers
            }
        }


--- a/Entities/User.php
+++ b/Entities/User.php
@@ -1216,7 +1216,6 @@ class User extends \ElggUser
        return array_merge(parent::getExportableValues(), [
            'website',
            'briefdescription',
-            'dob',
            'gender',
            'city',
            'merchant',
@@ -1418,4 +1417,26 @@ class User extends \ElggUser

        return $this;
    }
+
+    /**
+     * Gets the Surge Token of the user for push notifications.
+     *
+     * @return string Token.
+     */
+    public function getSurgeToken(): string
+    {
+        return (string) $this->surge_token ?? '';
+    }
+
+    /**
+     * Sets the Surge Token of the user for push notifications.
+     *
+     * @param string $token - the token string.
+     * @return User instance of $this for chaining.
+     */
+    public function setSurgeToken(string $token = ''): User
+    {
+        $this->surge_token = $token;
+        return $this;
+    }
 }
--- a/Spec/Core/Security/XSSSpec.php
+++ b/Spec/Core/Security/XSSSpec.php
@@ -39,25 +39,25 @@ class XSSSpec extends ObjectBehavior
    public function it_should_dissallow_onClick_attributes()
    {
        $dirty = "<a onclick=\"console.log('hmmm...')\">click me</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a target=\"_blank\" rel=\"noopener noreferrer nofollow\">click me</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">click me</a>");
    }

    public function it_should_allow_href_on_anchor_tags()
    {
        $dirty = "<a href=\"https://www.minds.com\">take me home</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"https://www.minds.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">take me home</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"https://www.minds.com\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">take me home</a>");
    }

    public function it_should_not_allow_bad_url_schemes()
    {
        $dirty = "<a href=\"javascript:alert('HEYHO')\">bad scheme here</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">bad scheme here</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">bad scheme here</a>");
    }

    public function it_should_not_allow_bad_url_schemes_with_case_hacks()
    {
        $dirty = "<a href=\"Javascript:alert('HEYHO')\">bad scheme here</a>";
-        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">bad scheme here</a>");
+        $this->clean($dirty)->shouldReturn('<?xml encoding="utf-8" ?>'."<a href=\"alert('HEYHO')\" target=\"_blank\" rel=\"noopener noreferrer nofollow ugc\">bad scheme here</a>");
    }

    public function it_should_not_allow_bad_url_schemes_from_multiple_keywords()

--- a/containers/php-runners/Dockerfile
+++ b/containers/php-runners/Dockerfile
@@ -6,7 +6,7 @@ ADD --chown=www-data . /var/www/Minds/engine

 # Remove the local settings file (if it exists)

-RUN rm -f /var/www/Minds/engine/settings.php
+# RUN rm -f /var/www/Minds/engine/settings.php

 # Setup our supervisor service